CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,139 vulnerabilities with CWE-79
CVE-2025-57763 MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via insere_despacho.php CPF Parameter
CVSS 6.1
CVE-2025-57762 MEDIUM
WeGIA < 3.4.7 - Stored Cross-Site Scripting via dependente_docdependente.php Nome Parameter
CVSS 6.1
CVE-2025-55522 MEDIUM
Akaunting 3.0.4-3.1.18 - Stored Cross-Site Scripting via Name Parameter in Reports Component
CVSS 6.5
CVE-2025-43756 MEDIUM
Liferay Digital Experience Platform < 2024.q1.20 - XSS
CVSS 5.4
CVE-2025-43755 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.17 - Authenticated Stored XSS via GroupPagesPortlet
CVSS 5.4
CVE-2025-9306 LOW
SourceCodester Advanced School Management System 1.0 - XSS
CVSS 3.5
CVE-2025-55742 HIGH
UnoPim < 0.2.1 - Stored Cross-Site Scripting via SVG MIME/Sanitizer Bypass
CVSS 8.0
CVE-2025-55420 HIGH
FoxCMS 1.2.6 - Reflected Cross-Site Scripting in index.php
CVSS 8.8
CVE-2025-8064 MEDIUM
Bible SuperSearch <= 6.0.1 - Authenticated Stored Cross-Site Scripting via selector_height Parameter
CVSS 6.4
CVE-2025-8607 MEDIUM
SlingBlocks - Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <...
CVSS 6.4
CVE-2025-53504 MEDIUM
Group-Office <6.8.119 & <25.0.20 - XSS
CVSS 5.4
CVE-2025-43757 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via DDMPortlet Definition
CVSS 5.4
CVE-2025-43746 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via DDMPortlet Parameters
CVSS 5.4
CVE-2025-9237 LOW
CodeAstro Ecommerce Website 1.0 - XSS
CVSS 3.5
CVE-2025-47054 MEDIUM
Adobe Experience Manager < 6.5.23.0 and < 2025.5.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-9235 LOW
Scada-LTS <= 2.7.8.1 - Stored Cross-Site Scripting via compound_events.shtm Name Parameter
CVSS 3.5
CVE-2025-9234 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via maintenance_events.shtm Alias Parameter
CVSS 3.5
CVE-2025-46998 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46962 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46936 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46932 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46856 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46852 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46849 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-9233 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via view_edit.shtm Name Parameter
CVSS 3.5